Amazon AWS SDK Manual de usuario descargar pdf (Pagina 20)

For information about authorizing security group ingress, see Authorize Amazon EC2 Security Group In-

gress (p. 17).

For information about creating a key pair, see Create a Key Pair (p. 18).

For information about running your Amazon EC2 instance, see Run an Amazon EC2 Instance (p. 18).

Create a Security Group

An Amazon EC2 security group controls traffic through your Amazon EC2 instances, much like a firewall.

If you do not create a security group, Amazon EC2 provides a default security group that allows no inbound

traffic. For more information about security groups, go to Security Group Concepts.

If you want to allow inbound traffic, create a security group and assign a rule to it that allows the ingress

that you want.Then associate the new security group with an Amazon EC2 instance. For more information,

see Authorize Security Group Ingress (p. 17).

To create a security group, use the SecurityGroupCollection.create method and pass the name of a

security group you created.The method returns a SecurityGroup object, as follows:

security_group = ec2.security_groups.create('YOUR_SECURITY_GROUP_NAME')

The security group name must be unique within the AWS region in which you initialize your Amazon EC2

client.You must use US-ASCII characters for the security group name and description.

If you attempt to create a security group with the same name as an existing security group, the method

returns an error.

Before starting an Amazon EC2 instance, you next need to authorize security group ingress and create

a key pair to allow you to log into your instance.You can use the returned SecurityGroup object to

authorize or revoke security group ingress and egress.You must also create a key pair to allow you to

log into your instance.

For information about authorizing security group ingress, see Authorize Amazon EC2 Security Group In-

gress (p. 17).

For information about creating a key pair, see Create a Key Pair (p. 18).

For information about running your Amazon EC2 instance, see Run an Amazon EC2 Instance (p. 18).

Authorize Security Group Ingress

By default, a new security group does not allow any inbound traffic. To allow inbound traffic, you must

explicitly authorize security group ingress.You can authorize ingress for individual IP addresses, for a

range of IP addresses, for a protocol, and for TCP/UDP ports.

To authorize ingress for your security group, use the SecurityGroup.authorize_ingress method.

The following code demonstrates one way to authorize security group ingress for a range of IP addresses.

ip_addresses = ['111.111.111.111/0', '150.150.150.150/0']

security_group.authorize_ingress :tcp, 22, *ip_addresses

Specify the IP address using CIDR notation. If you specify the protocol as TCP/UDP, you must provide

a source port or a range of ports.You can authorize ports only if you specify TCP or UDP.

Version v1.0.0

AWS SDK for Ruby Developer Guide

Create a Security Group

1 2 ... 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Sin comentarios

Amazon AWS SDK Manual de usuario Pagina 20